Hi Adam, I think I have found the issue that you are experiencing. I don't have a way to reproduce just yet, but I have built a test package for you to try.

I came across the following upstream bug:

https://gitlab.isc.org/isc-projects/bind9/-/issues/1700

The users mention that TCP connections slowly increase and never time out, and if they look in their conntrack tables, they see a lot of established connections with timeouts of many days, which is bigger than the default 300s Bind usually offers.

It seems there is a race between deactivating a netmgr handle and processing an asynchronous callback for the socket close code, which can get triggered when a client sends a broken packet to the server and then doesn't close the connection properly.

Relevant commit:

commit 01c4c3301e55b7d6a935a95ac0829e37fb317a0e
Author: Witold Kręcicki <w...@isc.org>
Date: Thu Mar 26 14:25:06 2020 +0100
Subject: Deactivate the handle before sending the async close callback.
Link: https://gitlab.isc.org/isc-projects/bind9/-/commit/01c4c3301e55b7d6a935a95ac0829e37fb317a0e

I have prepared a test package with the above commit in it. Would you be able to install it to your test server and see if it fixes your problem of connections never getting closed?

Please note that these packages are NOT SUPPORTED by Canonical, and are for TEST PURPOSES only. ONLY install in a dedicated test environment.

Instructions to install (on 20.04):

1) sudo add-apt-repository ppa:mruffell/lp1909950-test
2) sudo apt update
3) sudo apt install bind9
4) sudo apt-cache policy bind9 | grep Installed
   Installed: 1:9.16.1-0ubuntu2.4+lp1909950v20210201b1
5) sudo systemctl restart named.service

You might want to install the currently released 9.16.1-0ubuntu2.4 version from -updates, make sure you can reproduce the problem, and then install the above test package to make sure the test package fixes things.

Let me know how the test package goes.

Thanks,
Matthew

** Bug watch added: gitlab.isc.org/isc-projects/bind9/-/issues #1700
   https://gitlab.isc.org/isc-projects/bind9/-/issues/1700

https://bugs.launchpad.net/bugs/1909950

Title: TCP connections never close
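
An added example, not part of the message above and not BIND or Ubuntu tooling: a check of `conntrack -L -p tcp` output for port-53 connections that are still ESTABLISHED although they have been idle longer than BIND's 300 s, for comparing the released package with the test package. It assumes the kernel default `nf_conntrack_tcp_timeout_established` of 432000 s (so idle time is that value minus the remaining timer); the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `conntrack -L -p tcp` output (documentation address ranges).
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.53 sport=40112 dport=53 src=192.0.2.53 dst=198.51.100.7 sport=53 dport=40112 [ASSURED] mark=0 use=1
tcp      6 388800 ESTABLISHED src=198.51.100.9 dst=192.0.2.53 sport=51820 dport=53 src=192.0.2.53 dst=198.51.100.9 sport=53 dport=51820 [ASSURED] mark=0 use=1
tcp      6 259200 ESTABLISHED src=198.51.100.9 dst=192.0.2.53 sport=51822 dport=53 src=192.0.2.53 dst=198.51.100.9 sport=53 dport=51822 [ASSURED] mark=0 use=1
tcp      6 97 TIME_WAIT src=203.0.113.4 dst=192.0.2.53 sport=33010 dport=53 src=192.0.2.53 dst=203.0.113.4 sport=53 dport=33010 [ASSURED] mark=0 use=1
tcp      6 300000 ESTABLISHED src=192.0.2.53 dst=203.0.113.80 sport=44000 dport=443 src=203.0.113.80 dst=192.0.2.53 sport=443 dport=44000 [ASSURED] mark=0 use=1
"""

# Fields: proto, proto number, remaining timer (s), TCP state, then the original-direction tuple.
LINE = re.compile(
    r"^tcp\s+6\s+(\d+)\s+(\S+)\s+src=(\S+)\s+dst=\S+\s+sport=\d+\s+dport=(\d+)\s"
)


def stale_dns_connections(text, idle_limit=300, established_timeout=432000, port=53):
    """Return (client, idle_seconds) for ESTABLISHED entries to `port` idle past idle_limit."""
    stale = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a TCP entry in the expected layout
        remaining, state, client, dport = int(m[1]), m[2], m[3], int(m[4])
        if state != "ESTABLISHED" or dport != port:
            continue
        # The kernel resets the timer to established_timeout on every packet,
        # so the difference is the time since the connection last carried traffic.
        idle = established_timeout - remaining
        if idle > idle_limit:
            stale.append((client, idle))
    return stale


def per_client(stale):
    """Count stale connections per client address."""
    return Counter(client for client, _ in stale)


if __name__ == "__main__":
    for client, count in per_client(stale_dns_connections(SAMPLE)).most_common():
        print(f"{client}: {count} idle ESTABLISHED connection(s) to port 53")
```

On a test server, pass the real output of `sudo conntrack -L -p tcp` to `stale_dns_connections` in place of `SAMPLE`; a count that keeps growing before the test package and stays flat after it is the signal to look for.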